Reputation: 85
I'm trying to connect via https using requests. I have tried generating my own certificates suggested online and passing my own ca bundle w/o success. The error I get is:
SSLError: HTTPSConnectionPool(host='app.company.com', port=443): Max retries exceeded with url: /v1/auth/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
I'm using Python 3.6.3 :: Anaconda, Inc.
I'm of the opinion that generating my own certs is the wrong path as I discovered that curl had the same issue. BUT, I got one version of curl to work but not another and the difference is - The working version is this - which is the one packaged by iOS (/usr/bin/curl):
curl 7.54.0 (x86_64-apple-darwin16.0) libcurl/7.54.0 SecureTransport zlib/1.2.8 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
The non-working version is this (from anaconda):
curl 7.55.1 (x86_64-apple-darwin13.4.0) libcurl/7.55.1 OpenSSL/1.0.2l zlib/1.2.11 libssh2/1.8.0 Release-Date: 2017-08-14 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
So the key issue seems to be SecureTransport vs. OpenSSL. Granted, I don't know why but is there a way I can get python requests to use SecureTransport? I want to understand why but for now I'll settle with it working!!
(And a side question is why the different of SSL libraries for different versions of curl. Is it possible to make curl 7.55.1 use SecureTransport)
Thanks in advance.
Upvotes: 3
Views: 4408
Reputation: 85
I had the same problem described in this post. SSL error with Python requests despite up-to-date dependencies
The fix is just to concatenate all the certs into one file and stick it in the Nginx cert directory.
Upvotes: 1